245 matches found
MATRA: Modeling the Attack Surface of Agentic AI Systems -- OpenClaw Case Study
LLMs are increasingly deployed as autonomous agents with access to tools, databases, and external services, yet practitioners across different sectors lack systematic methods to assess how known threat classes translate into concrete risks within a specific agentic deployment. We present MATRA, a...
Agentic Fuzzing: Opportunities and Challenges
Fuzzers and static analyzers find many bugs but struggle with logic bugs in mature codebases. Triggering such a bug often requires multi-step reasoning that produces no distinctive execution feedback, and variants can appear across implementations too different for a single pattern to match. Rece...
Comment and Control: Hijacking Agentic Workflows Via Context-Grounded Evolution
Automation platforms such as GitHub Actions and n8n are increasingly adopting so-called agentic workflows, which integrate Large Language Model LLM agents for tasks such as code review and data synchronization. While bringing convenience for developers, this integration exposes a new risk: An...
When prompts become shells: RCE vulnerabilities in AI agent frameworks
In this article 1. A representative case study: Semantic Kernel 2. CVE-2026-26030: In-Memory Vector Store 3. CVE-2026-25592: Arbitrary file write through SessionsPythonPlugin 4. The vulnerability 5. Attack chain overview 6. Defending the agentic edge 7. Not bugs, but developed by design 8. CTF...
Demystifying and Detecting Agentic Workflow Injection Vulnerabilities in GitHub Actions
GitHub Actions is increasingly used to deploy LLM-based agents for repository-centric tasks such as issue triage, pull-request review, code modification, and release assistance. These agentic workflows extend traditional CI/CD automation with agentic capabilities but also create a new injection...
Towards Agentic Investigation of Security Alerts
Security analysts are overwhelmed by the volume of alerts and the low context provided by many detection systems. Early-stage investigations typically require manual correlation across multiple log sources, a task that is usually time-consuming. In this paper, we present an experimental, agentic...
From Stateless Queries to Autonomous Actions: A Layered Security Framework for Agentic AI Systems
Agentic AI systems face security challenges that stateless large language models do not. They plan across extended horizons, maintain persistent memory, invoke external tools, and coordinate with peer agents. Existing security analyses organize threats by attack type prompt injection, jailbreakin...
CVE-2026-41349 OpenClaw < 2026.3.28 - Agentic Consent Bypass via config.patch
OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to bypass security controls and execute unauthorized operations without user consent...
vlnr
vlnr: Autonomous Vulnerability Discovery Pipeline !Python 3...
ai.platon.pulsar:pulsar-agentic (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-boot (>=4.5.0 <=4.8.4) +5026 more potentially affected by CVE-2026-40974 via org.springframework.boot:spring-boot-autoconfigure (>=4.0.0-M1 <=4.0.5)
org.springframework.boot:spring-boot-autoconfigure MAVEN version =4.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0-beta-2 and more Source cves: CVE-2026-40974 Source advisory:...
ai.platon.pulsar:pulsar-agentic (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-boot (>=4.5.0 <=4.8.4) +5026 more potentially affected by CVE-2026-40971 via org.springframework.boot:spring-boot-autoconfigure (>=4.0.0-M1 <=4.0.5)
org.springframework.boot:spring-boot-autoconfigure MAVEN version =4.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0-beta-2 and more Source cves: CVE-2026-40971 Source advisory:...
PatchChain-Multi-Agent-Agentic-Pipeline-for-Autonomous-Code-Vulnerability-Analysis
No d...
Towards Optimal Agentic Architectures for Offensive Security Tasks
Agentic security systems increasingly audit live targets with tool-using LLMs, but prior systems fix a single coordination topology, leaving unclear when additional agents help and when they only add cost. We treat topology choice as an empirical systems question. We introduce a controlled...
Deterministic + Agentic AI: The Architecture Exposure Validation Requires
Few technologies have moved from experimentation to boardroom mandate as quickly as AI. Across industries, leadership teams have embraced its broader potential, and boards, investors, and executives are already pushing organizations to adopt it across operational and security functions. Pentera’s...
Beyond RAG for Cyber Threat Intelligence: A Systematic Evaluation of Graph-Based and Agentic Retrieval
Cyber threat intelligence CTI analysts must answer complex questions over large collections of narrative security reports. Retrieval-augmented generation RAG systems help language models access external knowledge, but traditional vector retrieval often struggles with queries that require reasonin...
Malicious code in unisys-agentic-ai-playground (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13ec6c43f5a186c6e78aca52041174240070088e17078f1bcb9f63ac0d55f5f0 The package unisys-agentic-ai-playground was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-2874 Malicious code in unisys-agentic-ai-playground (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13ec6c43f5a186c6e78aca52041174240070088e17078f1bcb9f63ac0d55f5f0 The package unisys-agentic-ai-playground was found to contain malicious code. Source: ossf-package-analysis...
The agentic SOC—Rethinking SecOps for the next decade
Every major shift in cyberattacker behavior over the past decade has followed a meaningful shift in how defenders operate. When security operation centers SOCs deployed endpoint detection and response EDR—and later extended detection and response XDR—security teams raised the bar, pushing...
The agentic SOC—Rethinking SecOps for the next decade
Every major shift in cyberattacker behavior over the past decade has followed a meaningful shift in how defenders operate. When security operation centers SOCs deployed endpoint detection and response EDR—and later extended detection and response XDR—security teams raised the bar, pushing...
ai.telosforge:kimaira-starter-agentic (>=1.2.4 <=1.2.6), ai.telosforge:kimaira-starter-agentic-factory (>=1.2.4 <=1.2.6) +504 more potentially affected by CVE-2026-35568 via io.modelcontextprotocol.sdk:mcp-core (>=0.13.0 <=1.0.0-RC3)
io.modelcontextprotocol.sdk:mcp-core MAVEN version =0.13.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =0.0.1, =0.1.0, =0.3.0, =2.0.0-beta.7, =1.1.0.0, =1.1.0.0, =2.0.0-M1.1 and more Source cves: CVE-2026-35568 Source advisory: OSV:GHSA-8JXR-PR72-R468...